Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c

1 files changed, 8 insertions, 5 deletions

diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
index b9a8019088..aa369abe3a 100644
--- a/ext/phar/phar_internal.h
+++ b/ext/phar/phar_internal.h
@@ -536,13 +536,16 @@ static inline void phar_set_inode(phar_entry_info *entry TSRMLS_DC) /* {{{ */
 {
 	char tmp[MAXPATHLEN];
 	int tmp_len;
-	size_t len;
+	size_t len1, len2;
 
 	tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len);
-	len = MIN(entry->phar->fname_len, tmp_len);
-	memcpy(tmp, entry->phar->fname, len);
-	len = MIN(tmp_len - len, entry->filename_len);
-	memcpy(tmp + entry->phar->fname_len, entry->filename, len);
+
+	len1 = MIN(entry->phar->fname_len, tmp_len);
+	memcpy(tmp, entry->phar->fname, len1);
+
+	len2 = MIN(tmp_len - len1, entry->filename_len);
+	memcpy(tmp + len1, entry->filename, len2);
+
 	entry->inode = (unsigned short)zend_get_hash_value(tmp, tmp_len);
 }
 /* }}} */